<?php

//  Wtg
//  Copyright (C) 2006 Niels Egberts <niels.egberts@gmail.com>
//
//  This program is free software; you can redistribute it and/or
//  modify it under the terms of the GNU General Public License
//  as published by the Free Software Foundation; either version 2
//  of the License, or (at your option) any later version.
//
//  This program is distributed in the hope that it will be useful,
//  but WITHOUT ANY WARRANTY; without even the implied warranty of
//  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
//  GNU General Public License for more details.
//
//  You should have received a copy of the GNU General Public License
//  along with this program; if not, write to the Free Software
//  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
//  02111-1307, USA.

if ( !defined('IS_GAME') ) {
	die ("Hacking attempt");
}

function login_form () {
	// Check if we are logged in
	if (isset($_SESSION['username'])) 
	{
		$logged_in = 1;
	} else { // NOT
		$logged_in = 0;
		// Filled in the form at the previous page?
		if (isset($_POST['filled_login_form'])) 
		{
			// Check username and password with database
			$username = $_POST['username'];
			$password = addslashes($_POST['password']);
			$query = "SELECT id, username, password, email, status FROM users WHERE username = '$username' AND password = '$password'";
			$result = mysql_query($query);
			$num = mysql_numrows($result);
			if ($num == 1) { // If correct
				// Log in
				$_SESSION['id'] = mysql_result($result,0,"id");
				$_SESSION['username'] = $_POST['username'];
				$_SESSION['password'] = $_POST['password'];
				$_SESSION['email'] = mysql_result($result,0,"email");
				$_SESSION['status'] = mysql_result($result,0,"status");
				$logged_in = 1;
			
			} else { // If the username and password are entered incorrectly
				$output .= "<p class=\"error\">Incorrect username and/or password</p>";
			}
		}
	}

	if ($logged_in == 1) 
	{
		$output .= "<p>You are logged in as: ".$_SESSION['username'].".</p>";
	} else {
		$output .= "<form action=\"".$_SERVER['REQUEST_URI']."\" method=\"post\">";
		$output .= <<<EOF
		<p>Username: <input type="text" name="username" /></p>
		<p>Password: <input type="password" name="password" /></p>
		<p><input type="hidden" name="filled_login_form" /></p>
		<p><input type="submit" value="Submit" /></p>
		</form>
EOF;
	}
	return $output;
}
?>
